this post was submitted on 22 Jun 2023
213 points (99.1% liked)

Lemmy

12524 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Hey folks! Just realized something that makes Lemmy different from Reddit. Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

Although there’s no UI to look at a user’s voting history yet, one could conceivably be built by an instance. Perhaps coincidentally, I hear there’s instances out there populated by mostly bots?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 49 points 1 year ago (4 children)

From a technical standpoint, it's not different from Reddit. The only difference here is that normal people can host their own instances, whereas Reddit is only hosted by the company and they can keep it under wraps.

[–] o_o 27 points 1 year ago (11 children)

Agreed from a technical standpoint.

But the implications are still interesting. One might (big might) trust Reddit as an organization not to use this data for evil, but with federation, there’s nothing stopping an instance from simply releasing all users’ voting history to be public.

Of course, my instance didn’t even ask for an email to sign up, so my entire account is anonymous that way.

I wonder if there are technical ways to federate votes anonymously?

[–] [email protected] 13 points 1 year ago (1 children)

Yeah, I wonder how you can federate anonymously while still maintaining defenses against vote manipulation.

[–] [email protected] 5 points 1 year ago (3 children)

I think you could probably do something like have the votes be reported in aggregate by the instance.

Any individual instance admin could use defences against vote manipulation by their own users, and other instances' admins could use defences against one particular instance being widely used for vote manipulation.

load more comments (3 replies)
[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

but with federation, there’s nothing stopping an instance from simply releasing all users’ voting history to be public.

Which kbin.social does.

[–] JackbyDev 9 points 1 year ago (2 children)

Maybe you could hash the user and post together somehow this way it is hashed but also unique per post. If you only hashed the username then the entirety of the user's voting history would be known if the hash was reverted.

[–] o_o 8 points 1 year ago (2 children)

Could be hashed and salted, with a random salt.

The trouble is, then, that it’s harder to disallow users from voting multiple times if the voting user isn’t on the post’s home instance.

[–] [email protected] 5 points 1 year ago (2 children)

Couldn't someone vote multiple times anyway by just having a bunch of different accounts?

[–] o_o 4 points 1 year ago

Yes, true, the current system does allow that. But the current system also doesn’t allow users to accidentally vote twice (and it remembers your vote)— this is the feature I think would be more challenging to implement if we were to hash & salt the user's ID.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 3 points 1 year ago (2 children)

Hashing can't effectively protect known values. If you want to know if someone voted for a post you can just hash their username and post ID. This is trivial and cheap.

If you want to know who voted on a post you just find every username you can find and hash it. It isn't super cheap but isn't very expensive either. There are only 8G people on the planet, many bitcoin rigs can calculate this in seconds. Sure, you can use a more expensive hash and there may be more accounts than people but it will remain feasible.

This is the same reason you can't hash phone numbers in a meaningful way.

The best option is probably just for the instance to report counts and you just have to trust it. If it is noticed that an instance seems to be inflating votes you stop counting its votes. People can work together to create blocklists for known cheating instances. Your instance would still know this but at least it is within your trust, not federated publicly.

load more comments (2 replies)
load more comments (8 replies)
[–] [email protected] 12 points 1 year ago (2 children)

In fact, Reddit has suspended people for upvoting before.

[–] [email protected] 15 points 1 year ago (1 children)

True, but in Unidan's defense, it was a jackdaw, not a crow.

[–] [email protected] 3 points 1 year ago (1 children)

We need Unidan back now more than ever 🤗🐦‍⬛

load more comments (1 replies)
[–] [email protected] 11 points 1 year ago (1 children)

You're kidding surely. That's actually awful. Any source for this? Would love to read more about it.

[–] [email protected] 5 points 1 year ago

Not from normal upvoting, but vote manipulation like was mentioned above with unidan. Basically using multiple accounts to upvote your own post for visibility.

load more comments (2 replies)
[–] [email protected] 25 points 1 year ago (2 children)

Yes, I thought that was implied. Voting is part of moderation. All moderation must be radically transparent. Your voting history is the weight of your credibility and reputation on Lemmy.

[–] [email protected] 8 points 1 year ago (3 children)

@interdimensionalmeme @o_o Agreed! Your voting history will help others gauge how objective (or not) you are.

load more comments (3 replies)
[–] [email protected] 6 points 1 year ago (2 children)

It also discourages people from upvoting more controversial topics, for better or for worse.

I just hope it doesn't turn into Twitter's culture of ruining people's lives by showing they liked a sus tweet 5 years ago, LMAO.

[–] [email protected] 3 points 1 year ago (1 children)

It would be nice if we could upvote interesting posts rather that posts that we agree with.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 21 points 1 year ago (5 children)

This would be interesting to see if certain articles were pushed up or down by bot accounts.

This could be anywhere from news articles being buried/promoted or by hidden advertising within a post.

[–] o_o 13 points 1 year ago (1 children)

True! Also instances could each do their own brand of “vote manipulation mitigation” by counting or ignoring different sources of votes.

Other cool features come to mind, like having a separate vote count for voters from the local instance.

[–] [email protected] 3 points 1 year ago

Other cool features come to mind, like having a separate vote count for voters from the local instance.

That'd be cool. Like a big colorful number representing the total votes and then a smaller number right below that in parenthesis and a gray color to indicate local instance votes.

load more comments (4 replies)
[–] [email protected] 20 points 1 year ago

When us older folks say "Anything you put on the public internet should be considered public and recorded forever", it's because of that.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (7 children)

Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

I was a little skeptical of this assertion without any sources, but 10m of source scanning does seem to support it:

I haven't looked for APIs to extract this data, it might only be available to an instance admin... but yeah Lemmy does not seem to aggregate vote histories, but rather stores them on a per-user basis.

[–] o_o 4 points 1 year ago

Good on you for actually checking and not blindly assuming like me! Hahaha glad to see my assumptions bore out this time.

But yeah, even if lemmy doesn’t aggregate it, it would be possible to set up a bot pretending to be an instance which collects and aggregates vote histories.

[–] [email protected] 3 points 1 year ago (2 children)

You can't aggregate them internally, anyway. You need to be able to know if someone already voted on something.

I think activitypub needs to be extended so that the likes and reduces only need to be sent to the host of the content, with federation then being told just the aggregate number. Then the only servers that need to know identity of votes are the host server (necessary to ensure nobody can multi vote) and optionally the server the user voted on (could just relay the information to the host server and not store it locally, but then it'd be harder to tell what you've already upvoted -- could use local storage but I think lots of people use social media on multiple devices).

load more comments (2 replies)
load more comments (5 replies)
[–] [email protected] 14 points 1 year ago (4 children)

Im sorry for the stupid question but can someone explain the difference between lemmy and Kbin?

I just recently created a kbin account and downloaded the kbin app but see a lot about lemmy on here. Is kbin a subset of lemmy? If I want a wider variety of content would I go to lemmy or kbin?

Again, sorry for the stupid question.

[–] o_o 16 points 1 year ago

Not a stupid question at all!

Lemmy and Kbin are two different systems that talk to each other. Like how Gmail and Outlook are two different systems, but you can still send emails between them.

So you can make posts over there on Kbin and I can upvote them from over here on Lemmy.

Make sense?

[–] [email protected] 4 points 1 year ago

Just from what I understand myself, it's that they are two different software setups. But they both use the ActivityPub standard that all federated content is using. KBin is different though in that it's trying to be more like Twitter with Sub Reddits, than like Reddit with Tweeting. And Lemmy is just purely trying to recreate the Reddit experience. So like on Twitter, Mastadon, and KBin upvote is more of a like and people can see what accounts "like." KBin and Mastadon share the same 'microblogging' feature which is like twitter. From what I understand they share microblogs across the fediverse.

And Lemmy and Kbin share communities/magazines together thanks to federation. So you're on a magazine in KBin but I'm on Lemmy on Lemmy World looking at this community from Lemmy.ml interacting with you.

Overall I think if you like Twitter and Reddit and are fine with your entire history of actions being public KBin is perfect. If you just want a Twitter experience, Mastadon. If you want some more obscurity with your account like Reddit and only the Reddit experience, Lemmy.

Right now I think KBin's feature parity isn't too far off from Mastadon and Lemmy. But like the rule of any thing that combines two tools, it can't be better than both separately. I think as Lemmy and Mastadon matures into their niches KBin will almost exclusively be playing catch up with both in the long term.

[–] [email protected] 3 points 1 year ago (4 children)

@Mirror_I_rorrIMG kbin and lemmy are two different clients (imagine Outlook or Apple Mail) for the same service (the threadiverse, or email in the prior example). Pick one, they federate with each other (cross-pollinate).

@o_o

load more comments (4 replies)
[–] [email protected] 3 points 1 year ago

Most Lemmy instances and kbin are connected/federated to each other meaning that the content is available to both. For example, the thread you currently are replying to is on the Lemmy.ml instance. So in general you don't need to worry if the content is on a Lemmy instance or on kbin. You will see it anyway. So you can just pick the instance you like the UI best and use that.

There is a small caveat, in that a magazine/community will only start federating/being visible on a remote instance after someone visits that community for the first time. E.g if someone creates a new community on kbin, then it is only visible on kbin until someone goes to [email protected] on their instance. And also other way around. If someone makes a new community on Lemmy.world you won't see it on kbin until you it someone else goes to [email protected] on kbin.

[–] [email protected] 12 points 1 year ago (9 children)

They're definitely not anonymous, and Kbin actually does have the UI to show who is upvoting and downvoting any post if you view it on there.

load more comments (9 replies)
[–] [email protected] 12 points 1 year ago

It's also technically not on Reddit either. Letting people see what you up/downvoted is a setting that you can toggle as desired, although I believe that it defaults to "off".

[–] [email protected] 10 points 1 year ago (2 children)

On the other hand, I don't really trust Reddit with my upvotes/downvotes all that much more than random users, so I already refrain from voting on content I wouldn't want to be associated with....

Of course, Reddit can still see what posts I view, while that isn't the case for Lemmy (at least since I self-host an instance).

load more comments (2 replies)
[–] [email protected] 7 points 1 year ago (3 children)

Fine by me. I'll stand by my votes!

Has also been handy for a makeshift bookmark, so I can return to the stuff I liked.

load more comments (3 replies)
[–] [email protected] 4 points 1 year ago (1 children)

Wasn't part of the reason for anonymous voting and even "blurred" voting so accounts that were shadowbanned wouldn't know it and go create a new bot account to spam more?

[–] [email protected] 3 points 1 year ago

If I remember correctly, another reason was so that bots wouldn’t get usable feedback from voting.

load more comments
view more: next ›